Digital Defense announced that its Vulnerability Research Team (VRT) uncovered a previously undisclosed vulnerability affecting D-Link VPN routers. D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers running firmware version 3.14 and 3.17 are vulnerable to a remotely exploitable root command injection flaw. These devices are commonly available on consumer websites/ecommerce sites such as Amazon, Best Buy, Office Depot and Walmart.